[Service]
NoNewPrivileges=no
MemoryDenyWriteExecute=no
ProtectKernelTunables=no
ProtectKernelModules=no
RestrictRealtime=no